LDAPv2/v3 ASN.1
FYI, here is a LDAPv2/v3 grammar, just so one can see what's different
in the grammar. Diffs via #if VERSION = 1, 2 or 3, and #if CLDAP.
(Which doesn't mean I propose to use cpp with ASN.1 for real:-)
-- openldap.asn - meta-ASN for LDAP v1-v3 and CLDAP. --
-- Checks symbols VERSION = <1/2/3>, CLDAP != 0. --
Lightweight-Directory-Access-Protocol-V3 DEFINITIONS
IMPLICIT TAGS ::=
BEGIN
-- maxInt is the upper bound reused by MessageID and by the search
-- sizeLimit/timeLimit fields below. v3 widens it from 16 to 31 bits; a
-- decoder must still enforce the (0 .. maxInt) constraints that reference
-- it rather than accept any INTEGER the peer sends.
#if VERSION >= 3
maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --
#else
maxInt INTEGER ::= 65535
/* Rename LDAPv3 symbols back to the LDAPv2 names */
/* The grammar below is written with the v3 spellings; these macros map
   them onto the v2 names so one text serves both versions. */
#define AttributeDescription AttributeType
#define ModifyDNRequest ModifyRDNRequest
#define ModifyDNResponse ModifyRDNResponse
#define derefAlways alwaysDerefAliases
#endif /* LDAPv3 */
#if !CLDAP
-- Top-level PDU for connection-oriented LDAP. The protocolOp alternatives
-- carry no context tags of their own; they are told apart by the
-- [APPLICATION n] tags on the individual request/response types below.
LDAPMessage ::= SEQUENCE {
messageID MessageID,
-- unique id in request, to be echoed in response(s) --
-- NOTE(review): a receiver should correlate responses to outstanding
-- requests by this id and not act on a response that matches none.
protocolOp CHOICE {
bindRequest BindRequest,
bindResponse BindResponse,
unbindRequest UnbindRequest,
searchRequest SearchRequest,
-- rfc1777 combines these two to CHOICE searchResponse --
searchResEntry SearchResultEntry,
searchResDone SearchResultDone,
# if VERSION >= 3
searchResRef SearchResultReference,
# endif
modifyRequest ModifyRequest,
modifyResponse ModifyResponse,
addRequest AddRequest,
addResponse AddResponse,
delRequest DelRequest,
delResponse DelResponse,
modDNRequest ModifyDNRequest,
modDNResponse ModifyDNResponse,
compareRequest CompareRequest,
compareResponse CompareResponse,
abandonRequest AbandonRequest,
# if VERSION >= 3
extendedReq ExtendedRequest,
extendedResp ExtendedResponse,
# endif
-- NOTE: whichever alternative ends up last keeps its trailing comma, and
-- the "}," below is followed directly by "}" when VERSION < 3. Neither is
-- valid ASN.1; both are artefacts of driving the grammar through cpp.
},
# if VERSION >= 3
-- v3 only. Whether an unrecognised control may be ignored is decided by
-- its criticality flag (see Control below).
controls [0] Controls OPTIONAL
# endif
}
#else /* CLDAP */
-- Connectionless variant. There is no bind operation here: user is a name
-- asserted by the sender with no accompanying credentials, so it must not
-- be treated as an authenticated identity.
CLDAPMessage ::= SEQUENCE {
messageID MessageID,
user LDAPDN, -- should be zero-length in a response --
protocolOp CHOICE {
searchRequest SearchRequest,
-- entry and resultCode are distinguished by the [APPLICATION 4] and
-- [APPLICATION 5] tags of their types.
searchResponse SEQUENCE OF CHOICE {
entry SearchResultEntry,
resultCode SearchResultDone
},
-- The trailing commas on this line and the next are cpp artefacts and
-- are not valid ASN.1.
abandonRequest AbandonRequest,
},
}
#endif /* !CLDAP */
-- Receivers should enforce the range; an out-of-range id is a
-- protocolError (2) rather than something to be masked or wrapped.
-- NOTE(review): RFC 2251 reserves id 0 for unsolicited notifications, so
-- a client should not issue requests with messageID 0; confirm.
MessageID ::= INTEGER (0 .. maxInt)
-- No character-set constraint is expressed in the ASN.1. v3 text is
-- UTF-8 per RFC 2251 (v2 used T.61 per RFC 1777); the BER decoder will
-- accept any bytes, so encoding validation must happen above it.
LDAPString ::= OCTET STRING
-- String form of a DN, not a structured Name. DN parsing and escaping
-- happen after decoding and are a separate source of bugs.
LDAPDN ::= LDAPString
RelativeLDAPDN ::= LDAPString
-- In v3 an attribute type optionally followed by ;options. --
AttributeDescription ::= LDAPString
-- Requested attributes in a search. NOTE(review): per RFC 2251 an empty
-- list means "all user attributes"; confirm that is what callers intend.
AttributeDescriptionList ::= SEQUENCE OF AttributeDescription
-- Opaque bytes; the attribute's syntax is not visible to the decoder. --
AttributeValue ::= OCTET STRING
#if VERSION >= 3
-- Same encoding as AttributeValue; v3 keeps it as a separate name, v2
-- collapses the two via the #define below.
AssertionValue ::= OCTET STRING
#else /* !LDAPv3 */
#define AssertionValue AttributeValue /* 2 symbols with same ASN in LDAPv3 */
#endif /* LDAPv3 */
-- A (type, value) pair used by CompareRequest and by the equalityMatch,
-- greaterOrEqual, lessOrEqual and approxMatch filter alternatives. The
-- value is opaque at this layer.
AttributeValueAssertion ::= SEQUENCE {
attributeDesc AttributeDescription,
assertionValue AssertionValue
}
-- Common tail of every response. resultCode is the only machine-readable
-- outcome; errorMessage is free text for humans and should be neither
-- parsed for meaning nor rendered unescaped. The ENUMERATED has no
-- extension marker, so an unknown code is a decode error, not other (80).
LDAPResult ::= SEQUENCE {
resultCode ENUMERATED {
success (0),
operationsError (1),
protocolError (2),
timeLimitExceeded (3),
sizeLimitExceeded (4),
compareFalse (5),
compareTrue (6),
authMethodNotSupported (7),
strongAuthRequired (8),
-- 9 reserved --
# if VERSION >= 3
referral (10), -- new in LDAPv3
adminLimitExceeded (11), -- new in LDAPv3
unavailableCriticalExtension (12), -- new in LDAPv3
confidentialityRequired (13), -- new in LDAPv3
saslBindInProgress (14), -- new in LDAPv3
# endif
noSuchAttribute (16),
undefinedAttributeType (17),
inappropriateMatching (18),
constraintViolation (19),
attributeOrValueExists (20),
invalidAttributeSyntax (21),
-- 22-31 unused --
noSuchObject (32),
aliasProblem (33),
invalidDNSyntax (34),
# if VERSION < 3
isLeaf (35), -- removed in LDAPv3
# endif
aliasDereferencingProblem (36),
-- 37-47 unused --
inappropriateAuthentication (48),
invalidCredentials (49),
insufficientAccessRights (50),
busy (51),
unavailable (52),
unwillingToPerform (53),
loopDetect (54),
-- 55-63 unused --
namingViolation (64),
objectClassViolation (65),
notAllowedOnNonLeaf (66),
notAllowedOnRDN (67),
entryAlreadyExists (68),
objectClassModsProhibited (69),
# if CLDAP
resultsTooLarge (70), -- CLDAP only
# endif
# if VERSION >= 3
affectsMultipleDSAs (71), -- new in LDAPv3
# endif
-- 72-79 unused --
other (80)
-- 81-90 reserved for APIs --
},
# if VERSION > 1
-- NOTE(review): matchedDN reports how much of the requested name exists.
-- Consider what that discloses about tree structure to a requester who is
-- not otherwise allowed to see it.
matchedDN LDAPDN, -- not in LDAPv1
# endif
-- In v2 referrals travel inside this free-text field; v3 moves them to the
-- typed referral element below.
errorMessage LDAPString, -- may contain referrals in LDAPv2 --
# if VERSION >= 3
-- Context tag [3] keeps this distinct from the [7] and [10]/[11] elements
-- that BindResponse and ExtendedResponse append after the result.
referral [3] Referral OPTIONAL
-- BindResponse/ExtendedResponse have optional extra elements here --
# endif
}
#if VERSION >= 3
-- URLs the client may retry the operation against. NOTE(review): a client
-- that follows a referral automatically with the same credentials is
-- letting the referring server choose where those credentials are sent;
-- the policy for following referrals should be explicit.
Referral ::= SEQUENCE OF LDAPURL
-- The limitation in the comment is not a constraint the decoder enforces;
-- validate URL syntax after decoding.
LDAPURL ::= LDAPString -- limited to characters permitted in URLs
Controls ::= SEQUENCE OF Control
-- A control extends the operation it is attached to. --
Control ::= SEQUENCE {
controlType LDAPOID,
-- FALSE when absent. Per RFC 2251 an unrecognised control is ignored if
-- non-critical and the operation fails with unavailableCriticalExtension
-- (12) if critical; the sender therefore chooses whether the receiver may
-- silently drop the control.
criticality BOOLEAN DEFAULT FALSE,
-- Opaque here; its syntax is selected by controlType and decoded only
-- after the OID has been recognised.
controlValue OCTET STRING OPTIONAL
}
-- Dotted-decimal OID in text form, not the ASN.1 OBJECT IDENTIFIER type. --
LDAPOID ::= OCTET STRING
#endif /* LDAPv3 */
-- Authenticates the connection. --
BindRequest ::= [APPLICATION 0] SEQUENCE {
version INTEGER (1 .. 127),
-- version is currently 3 or less --
-- A server should fail an unsupported version with protocolError (2)
-- rather than guess.
name LDAPDN,
-- null name implies an anonymous bind --
authentication AuthenticationChoice
}
-- The simple credential is a raw OCTET STRING: the protocol applies no
-- protection to it, so a password is visible to anyone on the path unless
-- the transport itself is protected.
-- NOTE(review): a non-empty name with an empty simple credential is the
-- well-known "unauthenticated bind" case; confirm the server treats it as
-- anonymous (or rejects it) rather than as a successful authentication.
AuthenticationChoice ::= CHOICE {
simple [0] OCTET STRING,
# if VERSION < 3
krbv42LDAP [1] OCTET STRING,
krbv42DSA [2] OCTET STRING,
-- values as returned by krb_mk_req()
# else
-- Tags [1] and [2] stay unused in v3 so v2 Kerberos binds remain
-- distinguishable.
sasl [3] SaslCredentials
# endif
}
#if VERSION >= 3
SaslCredentials ::= SEQUENCE {
mechanism LDAPString,
-- Mechanism-specific bytes; may be absent on a round trip of a multi-step
-- exchange, which the server signals with saslBindInProgress (14).
credentials OCTET STRING OPTIONAL
}
#endif
BindResponse ::= [APPLICATION 1] SEQUENCE {
COMPONENTS OF LDAPResult,
#if VERSION >= 3
-- Server-to-client SASL data, present only when the mechanism needs it.
-- Context tag [7] keeps it distinct from the [3] referral of LDAPResult.
serverSaslCreds [7] OCTET STRING OPTIONAL
#endif
}
-- This grammar defines no response type for unbind; the client cannot
-- expect an acknowledgement.
UnbindRequest ::= [APPLICATION 2] NULL
SearchRequest ::= [APPLICATION 3] SEQUENCE {
baseObject LDAPDN,
scope ENUMERATED {
baseObject (0),
singleLevel (1),
wholeSubtree (2)
},
-- Alias dereferencing policy. derefAlways is spelled alwaysDerefAliases
-- in v2 via the #define above.
derefAliases ENUMERATED {
neverDerefAliases (0),
derefInSearching (1),
derefFindingBaseObj (2),
derefAlways (3)
},
-- sizeLimit and timeLimit are client requests. 0 only removes the
-- client's own limit; a server still applies its administrative limits
-- and reports sizeLimitExceeded (4), timeLimitExceeded (3) or
-- adminLimitExceeded (11) when those bind first.
sizeLimit INTEGER (0 .. maxInt),
-- value of 0 implies no sizelimit
timeLimit INTEGER (0 .. maxInt),
-- value of 0 implies no timelimit
typesOnly BOOLEAN,
-- TRUE if only attribute descriptions
-- (without values) are to be returned.
filter Filter,
-- NOTE(review): an empty list means all user attributes per RFC 2251. --
attributes AttributeDescriptionList
}
-- Filters recurse through and/or/not, and the grammar bounds neither the
-- nesting depth nor the fan-out of the SET OF. A decoder must impose its
-- own limits: a deliberately deep filter is an easy stack-exhaustion
-- denial of service. An empty and/or set is syntactically allowed; its
-- truth value must be decided explicitly rather than fall out of a loop.
Filter ::= CHOICE {
and [0] SET OF Filter,
or [1] SET OF Filter,
not [2] Filter,
equalityMatch [3] AttributeValueAssertion,
substrings [4] SubstringFilter,
greaterOrEqual [5] AttributeValueAssertion,
lessOrEqual [6] AttributeValueAssertion,
present [7] AttributeDescription,
approxMatch [8] AttributeValueAssertion,
# if VERSION >= 3
extensibleMatch [9] MatchingRuleAssertion
# endif
}
SubstringFilter ::= SEQUENCE {
type AttributeDescription,
-- at least one substring must be present
-- The constraint above is not expressed in the ASN.1 (SEQUENCE OF allows
-- an empty list) and must be checked by the decoder. NOTE(review): RFC
-- 2251 also allows at most one initial and one final; confirm the
-- matcher enforces that.
substrings SEQUENCE OF CHOICE {
initial [0] LDAPString,
any [1] LDAPString,
final [2] LDAPString
}
}
#if VERSION >= 3
-- Extensible match. Both matchingRule and type are OPTIONAL in the
-- syntax, but RFC 2251 requires at least one of them to be present; the
-- decoder has to check that since the ASN.1 cannot express it.
MatchingRuleAssertion ::= SEQUENCE {
matchingRule [1] MatchingRuleId OPTIONAL,
type [2] AttributeDescription OPTIONAL,
matchValue [3] AssertionValue,
-- Per RFC 2251, TRUE also applies the match to the components of the
-- entry's DN.
dnAttributes [4] BOOLEAN DEFAULT FALSE
}
MatchingRuleId ::= LDAPString
-- Continuation references for a search. Same caveat as Referral: a client
-- that chases these automatically trusts the server's choice of target.
SearchResultReference ::= [APPLICATION 19] SEQUENCE OF LDAPURL
#endif /* LDAPv3 */
SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
objectName LDAPDN,
attributes PartialAttributeList
}
-- "Partial" because the list may omit attributes or values (presumably
-- under access control or typesOnly); an entry with no attributes is a
-- legal result and must not be treated as an error.
PartialAttributeList ::= SEQUENCE OF SEQUENCE {
type AttributeDescription,
vals SET OF AttributeValue
}
-- Terminates a search; exactly one per search in this grammar. --
SearchResultDone ::= [APPLICATION 5] LDAPResult
ModifyRequest ::= [APPLICATION 6] SEQUENCE {
object LDAPDN,
-- Ordered list of changes, each to one attribute. The outer field and
-- the inner component are both called modification, as in RFC 2251.
modification SEQUENCE OF SEQUENCE {
operation ENUMERATED {
add (0),
delete (1),
replace (2)
},
modification AttributeTypeAndValues
}
}
-- Same shape as AttributeList and PartialAttributeList; kept as a
-- separate name because a delete may carry an empty vals set.
AttributeTypeAndValues ::= SEQUENCE {
type AttributeDescription,
vals SET OF AttributeValue
}
ModifyResponse ::= [APPLICATION 7] LDAPResult
AddRequest ::= [APPLICATION 8] SEQUENCE {
entry LDAPDN,
attributes AttributeList
}
-- Structurally identical to PartialAttributeList; the distinct name only
-- documents intent.
AttributeList ::= SEQUENCE OF SEQUENCE {
type AttributeDescription,
vals SET OF AttributeValue
}
AddResponse ::= [APPLICATION 9] LDAPResult
-- The request body is just the DN, wrapped by the [APPLICATION 10] tag. --
DelRequest ::= [APPLICATION 10] LDAPDN
DelResponse ::= [APPLICATION 11] LDAPResult
ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
entry LDAPDN,
newrdn RelativeLDAPDN,
# if VERSION >= 3
deleteoldrdn BOOLEAN,
-- deleteoldrdn is implicitly TRUE in LDAPv2 --
-- v3 only: moves the entry under a different parent. NOTE(review): access
-- control then has to be evaluated at both the old and the new location.
newSuperior [0] LDAPDN OPTIONAL
# endif
}
ModifyDNResponse ::= [APPLICATION 13] LDAPResult
-- Answered with compareTrue (6) or compareFalse (5). NOTE(review): compare
-- must be subject to the same access control as reading the attribute,
-- otherwise it becomes a value oracle for attributes the client may not
-- read.
CompareRequest ::= [APPLICATION 14] SEQUENCE {
entry LDAPDN,
ava AttributeValueAssertion
}
CompareResponse ::= [APPLICATION 15] LDAPResult
-- Carries the messageID of the operation to abandon. This grammar defines
-- no response for it, so the client cannot tell whether it took effect.
AbandonRequest ::= [APPLICATION 16] MessageID
#if VERSION >= 3
-- Generic extension carrier. requestName selects how requestValue is
-- parsed; the value is opaque here and should be decoded only after the
-- OID has been recognised and the operation authorised.
ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
requestName [0] LDAPOID,
requestValue [1] OCTET STRING OPTIONAL
}
ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
COMPONENTS OF LDAPResult,
-- Tags [10]/[11] are distinct from the [3] referral and the [7]
-- serverSaslCreds used by the other response bodies.
responseName [10] LDAPOID OPTIONAL,
response [11] OCTET STRING OPTIONAL
}
-- These symbols are defined but not used in the rfc2251 grammar --
AttributeType ::= LDAPString
-- NOTE(review): the components below carry no identifiers; RFC 2251 names
-- them type and vals, matching AttributeTypeAndValues above.
Attribute ::= SEQUENCE { AttributeDescription, SET OF AttributeValue }
#endif /* LDAPv3 */
END